CVE-2021-20077
N/A
N/A
Summary
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Tenable Nessus Agent | 7.2.0 through 8.2.2 | affected |
Weaknesses
- Privilege Escalation
ADP Enrichment
CVE Program Container
Additional References
- https://www.tenable.com/security/tns-2021-04-0
- https://www.tenable.com/security/tns-2021-07
- https://www.tenable.com/security/tns-2021-04-0
References
- https://www.tenable.com/security/tns-2021-04-0
- https://www.tenable.com/security/tns-2021-07
- https://www.tenable.com/security/tns-2021-04-0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.